Very interesting question. I have not done extensive research in that direction, however it is to be assumed that IoT devices will have a significantly longer lifespan than a PC or a phone, mostly because these devices will be deployed and run unmonitored for the majority of their life.There is an interesting intersection of device lifetime and security though. One problem is that if devices are attacked it is very hard to tell if the attacker was able to persist code somehow in the device and turned the device bad, because a bad device will always lie about it's state. This means in order to cleanse a device that was as much as suspected to have been attacked requires for it to be destroyed and disposed of.The work I'm doing provides a meaningful device health attestation that is done based on a hardware and software identity of the device. So if it carries a remnant of a previous attack it cannot hide that fact anymore. This still means that bad devices may have to be destroyed, but at least now one can clearly differentiate between a suspected device and a bad one. This will provide with plenty of opportunity to redeploy, refurbish and remanufacture devices instead to just throwing them into a shredder.